Posted by EditorDavid on Sunday November 27, 2016 @11:30PM from the TDD-vs-HDD dept.

marekkirejczyk, the VP of Engineering at development shop Daftcode, shares a warning about hype-driven development:
Someone reads a blog post, it's trending on Twitter, and we just came back from a conference where there was a great talk about it. Soon after, the team starts using this new shiny technology (or software architecture design paradigm), but instead of going faster (as promised) and building a better product, they get into trouble. They slow down, get demotivated, have problems delivering the next working version to production.
Describing behind-schedule teams that "just need a few more days to sort it all out," he blames all the hype surrounding React.js, microservices, NoSQL, and that "Test-Driven Development Is Dead" blog post by Ruby on Rails creator David Heinemeier Hansson. ("The list goes on and on... The root of all evil seems to be social media.") Does all this sound familiar to any Slashdot readers? Has your team ever succumbed to hype-driven development?

Posted by EditorDavid on Saturday September 03, 2016 @02:34PM from the coding-competitions dept.

After analyzing 1.4 million scores on HackerRank's tests for coding accuracy and speed, Chinese programmers "outscored all other countries in mathematics, functional programming, and data structures challenges". Long-time Slashdot reader DirkDaring quotes a report from InfoWorld:
While the United States and India may have lots of programmers, China and Russia have the most talented developers according to a study by HackerRank... "If we held a hacking Olympics today, our data suggests that China would win the gold, Russia would take home a silver, and Poland would nab the bronze. Though they certainly deserve credit for making a showing, the United States and India have some work ahead of them before they make it into the top 25."
While the majority of scores came from America and India, the two countries ranked 28th and 31st, respectively. "Poland was tops in Java testing, France led in C++, Hong Kong in Python, Japan in artificial intelligence, and Switzerland in databases," reports InfoWorld. Ukrainian programmers had the top scores in security, while Finland showed the highest scores for Ruby.

Posted by BeauHD on Thursday August 18, 2016 @03:55PM from the this-or-that dept.

An anonymous reader writes from a report via The Daily Dot: Onion's Omega2 computer may give the Raspberry Pi a run for its money if the success of the Kickstarter campaign is any indication. The Daily Dot reports: "With an initial goal of just $15,000, over 11,560 backers have pledged the company $446,792 in hopes of getting their hands on this little wonder board. So why are thousands of people losing their minds? Simple; the Omega2 packs a ton of power into a $5 package. Billed as the world's smallest Linux server, complete with built-in Wi-Fi, the Omega2 is perfect for building simple computers or the web connected project of your dreams. The tiny machine is roughly the size of a cherry, before expansions, and runs a full Linux operating system. For $5 you get a 580MHz CPU, 64MB memory, 16MB storage, built-in Wi-Fi and a USB 2.0 port. A $9 model is also available with 128MB of memory, 32MB of storage, and a MicroSD slot. The similarly priced Raspberry Pi Zero comes with a 1GHz Arm processor, 512MB of memory, a MicroSD slot, no onboard storage, and no built-in Wi-Fi. Omega2 supports the Ruby, C++, Python, PHP, Perl, JavaScript (Node.js), and Bash programming languages, so no matter your background in coding you should be able to figure something out." You can also add Bluetooth, GPS, and 2G/3G support via add-ons or expansions. It looks promising, though it is a Kickstarter campaign and the product may not come to fruition.

Posted by whipslash on Wednesday August 03, 2016 @10:30AM from the go-ahead-and-ask dept.

David Heinemeier Hansson created the Ruby on Rails open-source web framework in 2003. David is also the founder and CTO of Basecamp, a project management tool that's been used by more than 15 million people. In addition, David is the best-selling author of REWORK, a book about starting and running businesses a better way. David has agreed to take some time to answer some of your questions.

Ask as many questions as you'd like, but please, one per comment. (And feel free to also leave your suggestions for who Slashdot should interview next.) We'll pick the very best questions -- and forward them on to David Heinemeier Hansson himself.

Posted by EditorDavid on Sunday July 31, 2016 @04:35PM from the rewriting-the-rankings dept.

An anonymous reader quotes Network World:
U.K.-based technology analyst firm RedMonk just released the latest version of its biannual rankings of programming languages, and once again JavaScript tops the list, followed by Java and PHP. Those are the same three languages that topped RedMonk's list in January. In fact, the entire top 10 remains the same as it was six months ago...
Python ranked #4 on RedMonk's list, while the survey found a three-way tie for fifth place between Ruby, C#, and C++, with C coming in at #9 (ranking just below CSS). Network World argues that while change comes slowly, "if you go back deeper into RedMonk's rankings, you can see slow, ongoing ascents from languages such as Go, Swift and even TypeScript."

Interestingly, an earlier ranking by the IEEE declared C to be the top programming language of 2016, followed by Java, Python, C++, and R. But RedMonk's methodology involves studying the prevalence of each language on both Stack Overflow and GitHub, a correlation which "we believe to be predictive of future use, hence their value."

Posted by BeauHD on Friday July 01, 2016 @06:25PM from the take-a-licking-and-keep-on-ticking dept.

sombragris writes: Slackware, the oldest GNU/Linux distribution still in active maintenance, was released just minutes ago. Slackware is noted for being the most Unix-like of all Linux distributions. While sporting kernel 4.4.14 and GCC 5.3, other goodies include Perl 5.22.2, Python 2.7.11, Ruby 2.2.5, Subversion 1.9.4, git-2.9.0, mercurial-3.8.2, KDE 4.14.21 (KDE 4.14.3 with kdelibs-4.14.21) Xfce 4.12.1... and no systemd!

According to the ChangeLog: "The long development cycle (the Linux community has lately been living in "interesting times," as they say) is finally behind us, and we're proud to announce the release of Slackware 14.2. The new release brings many updates and modern tools, has switched from udev to eudev (no systemd), and adds well over a hundred new packages to the system. Thanks to the team, the upstream developers, the dedicated Slackware community, and everyone else who pitched in to help make this release a reality." Grab the ISOs at a mirror near you. Enjoy! The torrents page can be found here.

Posted by msmash on Friday July 01, 2016 @10:20AM from the trying-to-stay-on-track dept.

steveb3210 writes: Today, Ruby On Rails released version 5.0.0 of the platform. Major new features include ActionCable which brings support for WebSockets and a slimmed-down API-only mode. From the official blog post: After six months of polish, four betas, and two release candidates, Rails 5.0 is finally done! It's taken hundreds of contributors and thousands of commits to get here, but what a destination: Rails 5.0 is without a doubt the best, most complete version of Rails yet. It's incredible that this community is still going so strong after so long. Thanks to everyone who helped get us here. [...] Note: As per our maintenance policy, the release of Rails 5.0 will mean that bug fixes will only apply to 5.0.x, regular security issues to 5.0.x and 4.2.x, and severe security issues also to 5.0.x and 4.2.x (but when 5.1 drops, to 5.1.x, 5.0.x, and 4.2.x). This means 4.1.x and below will essentially be unsupported! Ruby 2.2.2+ is now also the only supported version of Rails 5.0+.

Posted by EditorDavid on Saturday June 25, 2016 @10:33AM from the watch-your-language dept.

"Researchers have discovered a vulnerability within the Swagger specification which may place tools based on NodeJS, PHP, Ruby, and Java at risk of exploit," warns ZDNet's blog Zero Day, adding "the severe flaw allows attackers to remotely execute code." Slashdot reader msm1267 writes:
A serious parameter injection vulnerability exists in the Swagger Code Generator that could allow an attacker to embed executable code in a Swagger JSON file. The flaw affects NodeJS, Ruby, PHP, Java and likely other programming languages. Researchers at Rapid7 who found the flaw disclosed details...as well as a Metasploit module and a proposed patch for the specification. The matter was privately disclosed in April, but Rapid7 said it never heard a response from Swagger's maintainers.

Swagger produces and consumes RESTful web services APIs; Swagger docs can be consumed to automatically generate client-server code. As of January 1, the Swagger specification was donated to the Open API Initiative and became the foundation for the OpenAPI Specification. The vulnerability lies in the Swagger Code Generator, and specifically in that parsers for Swagger documents (written in JSON) don't properly sanitize input. Therefore, an attacker can abuse a developer's trust in Swagger to include executable code that will run once it's in the development environment.

Posted by EditorDavid on Sunday May 29, 2016 @06:30AM from the enjoying-your-weekend? dept.

An anonymous reader writes: David Heinemeier Hansson, the creator of Ruby on Rails, is applauding talk of an after-work e-mail ban, writing that "the ever-expanding expectations for when someone is available have gotten out of hand... Work emails are ticking in at all sorts of odd hours and plenty of businesses are dysfunctional enough to believe they have a right to have those answered, whatever the hour. That's unhealthy, possibly even exploitative... Same goes for forcing everyone to work in an open office. The research is mounting on all the ills that come from persistent noise and interruptions from that arrangement."

While acknowledging that his firm's project management tool Basecamp has a "perfect storm" of features that can send emails and texts after hours, Hansson points out that at least version 3 (released in 2015) shipped with a scheduling feature that will hold notifications during weekends and other specified off-work periods. "What we need before we can even dream of having something like the French response is a change in attitudes. Less celebration of workaholism, more #WorkCanWait. More recognition that stress from unrealistic and unhealthy expectations and work habits is actually a real hazard to health and sanity."

First released in 1985 via BBS, Phrack has been staffed by dozens of editors and contributors in its three-plus decades. The long-running zine has also hosted a number of notable articles, including the famed Hacker Manifesto and Smashing The Stack For Fun And Profit.

Posted by msmash on Friday May 06, 2016 @10:22AM from the security-woes dept.

Dan Goodin, reporting for Ars Technica: A large number of websites are vulnerable to a simple attack that allows hackers to execute malicious code hidden inside booby-trapped images. The vulnerability resides in ImageMagick, a widely used image-processing library that's supported by PHP, Ruby, NodeJS, Python, and about a dozen other languages. Many social media and blogging sites, as well as a large number of content management systems, directly or indirectly rely on ImageMagick-based processing so they can resize images uploaded by end users. According to developer and security researcher Ryan Huber, ImageMagick suffers from a vulnerability that allows malformed images to force a Web server to execute code of an attacker's choosing. Websites that use ImageMagick and allow users to upload images are at risk of attacks that could completely compromise their security. "The exploit is trivial, so we expect it to be available within hours of this post," Huber wrote in a blog post. He went on to say: "We have collectively determined that these vulnerabilities are available to individuals other than the person(s) who discovered them. An unknowable number of people having access to these vulnerabilities makes this a critical issue for everyone using this software."

Posted by BeauHD on Friday April 15, 2016 @08:10PM from the record-time dept.

itwbennett quotes a report from CSO: A new tool from MIT exploits some of the idiosyncrasies in the Ruby on Rails programming framework to quickly uncover new ones, writes Katherine Noyes. In tests on 50 popular web applications written using Ruby on Rails, the system found 23 previously undiagnosed security flaws, and it took no more than 64 seconds to analyze any given program. Ruby on Rails is distinguished from other frameworks because it defines even its most basic operations in libraries. MIT's researchers took advantage of that fact by rewriting those libraries so that the operations defined in them describe their own behavior in a logical language.

Posted by msmash on Wednesday March 30, 2016 @08:40AM from the microsoft-loves-linux dept.

Steven J. Vaughan-Nichols reports for ZDNet: According to sources at Canonical, Ubuntu Linux's parent company, and Microsoft, you'll soon be able to run Ubuntu on Windows 10. This will be more than just running the Bash shell on Windows 10. After all, thanks to programs such as Cygwin or MSYS utilities, hardcore Unix users have long been able to run the popular Bash command line interface (CLI) on Windows. With this new addition, Ubuntu users will be able to run Ubuntu simultaneously with Windows. This will not be in a virtual machine, but as an integrated part of Windows 10. [...] Microsoft and Canonical will not, however, sources say, be integrating Linux per se into Windows. Instead, Ubuntu will primarily run on a foundation of native Windows libraries. Update: 03/30 16:16 GMT by M: At its developer conference Build 2016, Microsoft on Wednesday confirmed that it is bringing native support for Bash on Windows 10. Scott Hanselman writes: This isn't Bash or Ubuntu running in a VM. This is a real native Bash Linux binary running on Windows itself. It's fast and lightweight and it's the real binaries. This is a genuine Ubuntu image on top of Windows with all the Linux tools I use like awk, sed, grep, vi, etc. It's fast and it's lightweight. The binaries are downloaded by you - using apt-get - just as on Linux, because it is Linux. You can apt-get and download other tools like Ruby, Redis, emacs, and on and on. This is brilliant for developers that use a diverse set of tools like me.

Posted by timothy on Monday February 08, 2016 @03:34PM from the good-works dept.

destinyland writes: Last week GitHub released a new open source tool called Scientist, a Ruby-based library they've been using in-house for several years. "It's the most terrifying moment when you flip the switch," GitHub engineer Jesse Toth told one technology reporter, who notes that the tool is targeted at developers transitioning from a legacy system. "Scientist was born when GitHub engineers needed to rewrite the permissions code — one of the most critical systems in the GitHub application." The tool measures execution duration and other metrics for both test and production code during runtime, and Toth reports that they're now also developing new versions in Node.js, C#, and .Net.

Posted by Soulskill on Monday January 25, 2016 @11:38AM from the made-me-hate-my-ISP dept.

Qbertino writes: I'm toying with the thought of moving my web development (PHP, HTML, CSS, JavaScript with perhaps a little Python and Ruby thrown in) into the cloud. The upsides I expect would be: 1) No syncing hassles across machines. 2) No installation of toolchains to get working or back to work — a browser and a connection is all that would be required. 3) Easy teamwork. 4) Easy deployment. 5) A move to Chrome OS for ultra-cheap laptop goodness would become realistic.

Is this doable/feasible? What are your experiences? Note, this would be for professional web development, not hobbyist stuff. Serious interactive JS, non-trivial PHP/LAMP development, etc. Does anyone have real world experience doing something like this? Maybe even experience with moving to a completely web-centric environment with Chrome OS? What have you learned? What would you recommend? How has it impacted your productivity and what do you miss from the native pipelines? What keeps you in the cloud, and enables you to stay there? Are you working "totally cloud" with a team and if so, how does it work out/feel? Does it make sense? As for concrete solutions, I'm eyeing Cloud9, CodeAnywhere, CodeEnvy but also semi-FOSS stuff like NeutronDrive. Anything you would recommend for real world productivity? Have you tried this and moved back? If so, what are your experiences and what would need to be improved to make it worthwhile? Thanks for any insights.

Posted by Soulskill on Friday December 25, 2015 @05:32PM from the onward-and-upward dept.

An anonymous reader writes: Ruby developers have announced the official release of Ruby 2.3.0. This release introduces a frozen string literal pragma, which is "a new magic comment and command line option to freeze all string literals in the source files." It also adds a safe navigation operator (&.) similar to what exists in C#, Groovy, and Swift. Ruby 2.3.0 also has many performance improvements. For more details, see the news file and the full changelog.